Virus, worms, and Trojan horses are types of malicious computer code. As used herein, “malicious computer code” is any code that enters a computer without an authorized user's knowledge and/or without an authorized user's consent. A worm is a type of malicious computer code that is self-replicating. A worm spreads over a network from one computer to another, usually via e-mail attachments. The operating system (OS) on the e-mail recipient's computer puts the attachment into a temporary holding area such as a temporary folder. In recent Windows operating systems, the temporary folder is a hidden folder. When the recipient clicks on the attachment or the attachment automatically executes via a vulnerability, the executable worm inside the temporary holding area opens and creates another e-mail with an attachment, i.e., the worm.
One technique for blocking the replication of worms that spread via e-mail is disclosed in commonly owned U.S. patent application Ser. No. 10/255,658 filed Sept. 25, 2002.